impierce / openid4vc

Rust implementation of the OpenID4VC standards. The library will offer implementations for SIOPv2, OpenID4VP and OpenID4VCI.
https://www.impierce.com
Apache License 2.0

Support OID4VCI Pre-Authorized Code Flow #45

Closed nanderstabel closed 1 year ago

nanderstabel commented 1 year ago

Description

+--------------+   +-----------+                                    +-------------------+
| User         |   |   Wallet  |                                    | Credential Issuer |
+--------------+   +-----------+                                    +-------------------+
        |                |                                                    |
        |                |  (1) User provides  information required           |
        |                |      for the issuance of a certain Credential      |
        |-------------------------------------------------------------------->|
        |                |                                                    |
        |                |  (2) Credential Offer (Pre-Authorized Code)        |
        |                |<---------------------------------------------------|
        |                |  (3) Obtains Issuer's Credential Issuer metadata   |
        |                |<-------------------------------------------------->|
        |   interacts    |                                                    |
        |--------------->|                                                    |
        |                |                                                    |
        |                |  (4) Token Request (Pre-Authorized Code, pin)      |
        |                |--------------------------------------------------->|
        |                |      Token Response (access_token)                 |
        |                |<---------------------------------------------------|
        |                |                                                    |
        |                |  (5) Credential Request (access_token, proof(s))   |
        |                |--------------------------------------------------->|
        |                |      Credential Response                           |
        |                |      (credential(s))                               |
        |                |<---------------------------------------------------|

Figure 2: Issuance using Pre-Authorized Code Flow

  1. The Credential Issuer successfully obtains consent and user data required for the issuance of a requested Credential from the End-User using Issuer specific business process.
  2. The flow defined in this specification begins as the Credential Issuer generates a Credential Offer for certain Credential(s) and communicates it to the Wallet, for example as a QR code or as a deeplink.
  3. The Wallet uses information from the Credential Offer to obtain the Credential Issuer's metadata including details about the Credential that this Credential Issuer wants to issue. This step is defined in Section 10.2.
  4. The Wallet sends the Pre-Authorized Code obtained in step (2) in the Token Request to the Token Endpoint. The Wallet will send a PIN provided by the User, if it was required by the Credential Issuer. This step is defined in Section 6.
  5. This step is the same as Step 5 in the Authorization Code Flow.

Motivation

No response

Resources

https://openid.bitbucket.io/connect/openid-4-verifiable-credential-issuance-1_0.html#name-pre-authorized-code-flow

To-do List
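
The Token Request from step (4), seen from the Wallet side. This is an added example, not code from this issue or from the openid4vc crate. The type and function names are hypothetical, and the `pre-authorized_code` and `user_pin` parameter names and the grant type URN are assumed from the draft linked under Resources.

```rust
// Added example: not the openid4vc crate's API. All type and function names
// are hypothetical; parameter names are assumed from the linked OID4VCI draft.
pub const GRANT_TYPE: &str = "urn:ietf:params:oauth:grant-type:pre-authorized_code";

/// Pre-authorized grant the Wallet extracted from the Credential Offer (step 2).
pub struct PreAuthorizedGrant {
    pub code: String,
    pub user_pin_required: bool,
}

#[derive(Debug, PartialEq)]
pub enum TokenRequestError {
    EmptyCode,
    PinRequired,
}

/// Percent-encode one value for an application/x-www-form-urlencoded body.
fn form_encode(value: &str) -> String {
    value
        .bytes()
        .map(|b| match b {
            b'A'..=b'Z' | b'a'..=b'z' | b'0'..=b'9' | b'-' | b'_' | b'.' => (b as char).to_string(),
            _ => format!("%{:02X}", b),
        })
        .collect()
}

/// Step 4, Wallet side: build the Token Request body. Fails locally instead of
/// sending a request without the PIN the Credential Issuer asked for.
pub fn build_token_request(grant: &PreAuthorizedGrant, pin: Option<&str>) -> Result<String, TokenRequestError> {
    if grant.code.is_empty() {
        return Err(TokenRequestError::EmptyCode);
    }
    let pin = pin.filter(|p| !p.is_empty());
    if grant.user_pin_required && pin.is_none() {
        return Err(TokenRequestError::PinRequired);
    }
    let mut body = format!("grant_type={}&pre-authorized_code={}", form_encode(GRANT_TYPE), form_encode(&grant.code));
    if let Some(pin) = pin {
        body.push_str(&format!("&user_pin={}", form_encode(pin)));
    }
    Ok(body)
}

fn main() {
    // Constructed sample values, not taken from a real issuer.
    let grant = PreAuthorizedGrant { code: "sample-code/123".into(), user_pin_required: true };
    println!("{:?}", build_token_request(&grant, Some("493536")));
    println!("{:?}", build_token_request(&grant, None));
}
```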